1. Home
  2. Software
  3. ROADTools

ROADTools

ROADTools is a framework for enumerating Azure Active Directory environments. The tool is written in Python and publicly available on GitHub.[1]

ID: S0684
Type: TOOL
Platforms: Identity Provider
Version: 1.0
Created: 18 February 2022
Last Modified: 16 September 2024
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1526 云服务发现

ROADTools can enumerate Azure AD applications and service principals.[2]

Enterprise T1078 .004 有效账户: Cloud Accounts

ROADTools leverages valid cloud credentials to perform enumeration operations using the internal Azure AD Graph API.[2]

Enterprise T1069 .003 权限组发现: Cloud Groups

ROADTools can enumerate Azure AD groups.[2]

Enterprise T1119 自动化收集

ROADTools automatically gathers data from Azure AD environments using the Azure Graph API.[2]
Enterprise T1087 .004 账号发现: Cloud Account

ROADTools can enumerate Azure AD users.[2]
Enterprise T1018 远程系统发现

ROADTools can enumerate Azure AD systems and devices.[2]

Groups That Use This Software

ID Name References
G0016 APT29

[3]

References

  1. Dirk-jan Mollema. (2022, January 31). ROADtools. Retrieved January 31, 2022.
  2. Dirk-jan Mollema. (2020, April 16). Introducing ROADtools - The Azure AD exploration framework. Retrieved January 31, 2022.
  1. Microsoft Threat Intelligence Center. (2021, October 25). NOBELIUM targeting delegated administrative privileges to facilitate broader attacks. Retrieved March 25, 2022.